People don't usually discuss password encryption, because there seem
to be no options to discuss – passwords are, by definition, encrypted.
While this is usually true, encryption is not a simple yes or no
proposition. The effectiveness of encryption, usually described as its
strength, ranges from very weak to extremely robust.

At its weakest, we have passwords that have been simply encoded. This produces a
password that is not readable directly, but, given the key, we could
easily translate it using a computer, pen and paper, or a plastic
decoder ring from a cereal box. An example of this is ROT13.
ROT13 replaces every letter in a text with the letter that is 13
places away from it in the alphabet. For example, 'ABC' becomes 'NOP'.

Even when using algorithms that can more accurately be called
encryption, the encryption is weak if the key used to generate it is
weak. Using ROT13 as an example, if you consider the 13-place
differential to be the key, then ROT13 has an extremely weak key.

ROT13 can be strengthened by using a different key. You could use
ROT10, replacing each letter with the one ten places forward, or you
could use ROT-2, replacing each letter with the one two places before
it. You could strengthen it even more, by varying the differential,
such as ROTpi, where the first letter is shifted 3 places; the second,
1 place; the third, 4 places; the fourth, 1 place; and so on, using pi
(3.14159265...) to provide a constantly varying differential.

Because of these possible variations, when you are encrypting any type
of information, you must be sure that you are using a reliable method
of encryption and that the key – your contribution to the encryption –
will provide you with a robust result.
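
An added example (not part of the original article) that implements the shift variants described above, ROT13, ROT10, ROT-2 and ROTpi, and lists every possible fixed-shift key to show how small that keyspace is. The function names, the sample password and the choice to cycle the nine quoted digits of pi are assumptions made for this illustration.

```python
# Added example: the shift encodings described in the text.
# All names and sample data below are constructed for illustration.

PI_DIGITS = "314159265"  # digits of pi quoted in the text; cycled here (assumption)

ROT13 = [13]
ROT10 = [10]
ROT_MINUS_2 = [-2]
ROT_PI = [int(d) for d in PI_DIGITS]


def rot(text, shifts):
    """Shift each ASCII letter by the next value in `shifts`, cycling the list.

    Digits, punctuation and non-ASCII characters pass through unchanged and
    do not consume a shift value.
    """
    out = []
    used = 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            shift = shifts[used % len(shifts)]
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def unrot(text, shifts):
    """Reverse rot() by applying the negated shifts."""
    return rot(text, [-s for s in shifts])


def fixed_shift_candidates(encoded):
    """Decode with every fixed shift 1..25: the entire keyspace of ROT-n."""
    return {k: unrot(encoded, [k]) for k in range(1, 26)}


if __name__ == "__main__":
    sample = "Hunter2!"  # constructed sample password
    for name, key in [("ROT13", ROT13), ("ROT10", ROT10),
                      ("ROT-2", ROT_MINUS_2), ("ROTpi", ROT_PI)]:
        print(f"{name:6} {rot(sample, key)}")
    # Whatever fixed shift was chosen, the original is one of only 25 candidates.
    encoded = rot(sample, ROT10)
    print(sample in fixed_shift_candidates(encoded).values())
```

Changing the fixed shift only moves the original to a different entry in the same 25-item table, and the digits in the sample password are not altered by any of the variants.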
You must also remember that a good system of encryption is useless
without good passwords, just as good passwords are useless without